How to nicely handle file upload MaxUploadSizeExceededException with Spring Security

Question

I\'m using Spring Web 4.0.5, Spring Security 3.2.4, Commons FileUpload 1.3.1, Tomcat 7 and I\'m getting an ugly MaxUploadSizeExceededException when my upload si

Answer 1

You can handle the MaxUploadSizeExceededException by adding an additional Filter to catch the exception and the redirect to an error page. For example, you could create a MultipartExceptionHandler Filter like the following:

public class MultipartExceptionHandler extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        try {
            filterChain.doFilter(request, response);
        } catch (MaxUploadSizeExceededException e) {
            handle(request, response, e);
        } catch (ServletException e) {
            if(e.getRootCause() instanceof MaxUploadSizeExceededException) {
                handle(request, response, (MaxUploadSizeExceededException) e.getRootCause());
            } else {
                throw e;
            }
        }
    }

    private void handle(HttpServletRequest request,
            HttpServletResponse response, MaxUploadSizeExceededException e) throws ServletException, IOException {

        String redirect = UrlUtils.buildFullRequestUrl(request) + "?error";
        response.sendRedirect(redirect);
    }

}

NOTE: This redirect makes an assumption about your form and upload. You may need to modify where to redirect to. Specifically if you follow the pattern of your form being at GET and it is processed at POST this will work.

You can then ensure to add this Filter before MultipartFilter. For example, if you are using web.xml you would see something like this:

    meh
    org.example.web.MultipartExceptionHandler


    
        Allows the application to accept multipart file data.
    
    springMultipartFilter
    springMultipartFilter
    org.springframework.web.multipart.support.MultipartFilter
    


    
        Secures access to web resources using the Spring Security framework.
    
    springSecurityFilterChain
    springSecurityFilterChain
    org.springframework.web.filter.DelegatingFilterProxy



    meh
    /*


    springMultipartFilter
    /*


    springSecurityFilterChain
    /*
    ERROR
    REQUEST

In your form you can then detect if the error occurred by inspecting if the HTTP parameter error is present. For example, in a JSP you might do the following:

    
Failed to upload...too big

PS: I created SEC-2614 to update the documentation to discuss error handling